Abstract: Only identities of the server and the user are authenticated in traditional smart cards based passwords authentication schemes, but whether the platform is trusted or not does not be verified, and this identity authentication cannot provide enough protection on personal information of users. A trusted mutual authentication scheme based on smart cards is proposed, in which hash functions are used to authenticate identities, and remote attestation is used to verify the platform. Analysis shows that our scheme can resist most of possible attacks and is therefore more secure and efficient for smart card applicatoins.